spesmilo / electrum

Electrum Bitcoin Wallet
https://electrum.org
MIT License
7.54k stars 3.11k forks source link

BIP39 seed words/mnemonic not stored in wallet file #7214

Open AngeloMetal opened 3 years ago

AngeloMetal commented 3 years ago

I've just noticed that if you recover a wallet by importing its seed phrase on electrum, it won't be stored anywhere on your hard drive. Alongside, if you normally create a wallet, the seed phrase can be found on the electrum wallet file.

I'm using Electrum 4.0.4 and the seed phrase is BIP39. This is the keystore from my wallet file:

"keystore": {
        "derivation": "m/84'/0'/0'",
        "pw_hash_version": 1,
        "root_fingerprint": "-snip-",
        "type": "bip32",
        "xprv": "-snip-",
        "xpub": "-snip-"
    }

Is there any reason why it only shows one private child key? If it does, shouldn't there be a warning about that?

SomberNight commented 3 years ago

Right. The wallet file only stores electrum seeds.

In case of restoring from a BIP39 seed, we calculate a master private key from the seed words, store the master private key, and discard the seed words.

I believe this has been mentioned multiple times in various issues but it might not have had a dedicated issue before. (see e.g. https://github.com/spesmilo/electrum/issues/4602#issuecomment-409913017)

SomberNight commented 3 years ago

Note that if we changed this and started storing bip39 seeds, we would need to change the seed dialogs where the seed is shown to clearly distinguish between electrum seeds and bip39 seeds, and potentially warn users if they have a bip39 seed that it is not sufficient to backup only that.

ecdsa commented 3 years ago

I think it is ok that we do our best to let people recover their funds from a bip39 seed. However, we should not encourage them to keep using that type of seed. Any idea how to do that?

strk commented 4 months ago

Why would you not want to encourage using bip39 seeds exactly ? I find it concerning that I cannot use Electrum seed in any other wallet, while BIP39 can be. This makes me PREFER bip39. I've read somewhere you have a security concern: did you consider submitting the "Electrum seed" as a BIP to stimulate its support from other wallets ?